[Social] Re: Privacy-over-Webfinger Draft

From:

Ben Laurie

Subject:

[Social] Re: Privacy-over-Webfinger Draft

Date:

Wed, 14 Jul 2010 14:47:34 +0100

On 14 July 2010 02:34, Blaine Cook <address@hidden> wrote:
> Attached is a[n early] and long-promised draft of a relatively
> insecure but easy-to-implement approach to decentralized authorization
> using webfinger. Feedback is most welcome, especially in the lead-up
> to the Federated Social Web summit in Portland this weekend.
What summit is this?
Anyway...
a) So much of the spec is out of scope, this doesn't really describe a
mechanism at all.
b) Webfinger is used, it seems, to do all-or-nothing delegation to the
Client. What about scoped delegation?
>
> For those concerned about security, don't despair, crypto can be
> layered on like maple syrup at a sugar shack. :-)
Not using HTTP throughout would probably be a good start.
>
> b.
>